From: Stefan Hajnoczi <stefanha@redhat.com>
To: Brian Song <hibriansong@gmail.com>
Cc: qemu-block@nongnu.org, qemu-devel@nongnu.org, armbru@redhat.com,
bernd@bsbernd.com, fam@euphon.net, hreitz@redhat.com,
kwolf@redhat.com
Subject: Re: [PATCH 3/4] export/fuse: Safe termination for FUSE-uring
Date: Wed, 10 Sep 2025 09:17:04 -0400 [thread overview]
Message-ID: <20250910131704.GB246746@fedora> (raw)
In-Reply-To: <128a530b-b375-4019-bfef-9482cc63af37@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2457 bytes --]
On Tue, Sep 09, 2025 at 04:51:32PM -0400, Brian Song wrote:
>
>
> On 9/9/25 3:33 PM, Stefan Hajnoczi wrote:
> > On Fri, Aug 29, 2025 at 10:50:24PM -0400, Brian Song wrote:
> > > @@ -901,24 +941,15 @@ static void fuse_export_shutdown(BlockExport *blk_exp)
> > > */
> > > g_hash_table_remove(exports, exp->mountpoint);
> > > }
> > > -}
> > > -
> > > -static void fuse_export_delete(BlockExport *blk_exp)
> > > -{
> > > - FuseExport *exp = container_of(blk_exp, FuseExport, common);
> > > - for (int i = 0; i < exp->num_queues; i++) {
> > > + for (size_t i = 0; i < exp->num_queues; i++) {
> > > FuseQueue *q = &exp->queues[i];
> > > /* Queue 0's FD belongs to the FUSE session */
> > > if (i > 0 && q->fuse_fd >= 0) {
> > > close(q->fuse_fd);
> >
> > This changes the behavior of the non-io_uring code. Now all fuse fds and
> > fuse_session are closed while requests are potentially still being
> > processed.
> >
> > There is a race condition: if an IOThread is processing a request here
> > then it may invoke a system call on q->fuse_fd just after it has been
> > closed but not set to -1. If another thread has also opened a new file
> > then the fd could be reused, resulting in an accidental write(2) to the
> > new file. I'm not sure whether there is a way to trigger this in
> > practice, but it looks like a problem waiting to happen.
> >
> > Simply setting q->fuse_fd to -1 here doesn't fix the race. It would be
> > necessary to stop processing fuse_fd in the thread before closing it
> > here or to schedule a BH in each thread so that fuse_fd can be closed
> > in the thread that uses the fd.
>
> I get what you mean. This newly introduced cleanup code was originally in
> the deletion section, after the reconf counter decreased to 0, and it was
> meant to cancel the pending SQEs. But now we've moved it to the shutdown
> section, which may introduce a potential problem. How do you think we should
> fix it? This is the last week of GSoC, I'm already busy on weekdays since
> the new term has started.
Hi Brian,
Two issues:
1. Change of behavior for non-io_uring code. It would be safer to keep
the old behavior for non-io_uring code.
2. The race condition. Schedule a BH in each queue's IOThread and call
close(fuse_fd) from the BH function. That way there is no race
between threads.
Stefan
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
next prev parent reply other threads:[~2025-09-10 13:19 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-30 2:50 [PATCH 0/4] export/fuse: Add FUSE-over-io_uring for Storage Exports Brian Song
2025-08-30 2:50 ` [PATCH 1/4] export/fuse: add opt to enable FUSE-over-io_uring Brian Song
2025-09-03 10:53 ` Stefan Hajnoczi
2025-09-03 18:00 ` Brian Song
2025-09-09 14:48 ` Stefan Hajnoczi
2025-09-09 17:46 ` Brian Song
2025-09-09 18:05 ` Bernd Schubert
2025-09-03 11:26 ` Stefan Hajnoczi
2025-09-16 19:08 ` Kevin Wolf
2025-09-17 19:47 ` Brian Song
2025-09-19 14:13 ` Kevin Wolf
2025-08-30 2:50 ` [PATCH 2/4] export/fuse: process FUSE-over-io_uring requests Brian Song
2025-09-03 11:51 ` Stefan Hajnoczi
2025-09-08 19:09 ` Brian Song
2025-09-08 19:45 ` Bernd Schubert
2025-09-09 1:10 ` Brian Song
2025-09-09 15:26 ` Stefan Hajnoczi
2025-09-19 13:54 ` Kevin Wolf
2025-08-30 2:50 ` [PATCH 3/4] export/fuse: Safe termination for FUSE-uring Brian Song
2025-09-09 19:33 ` Stefan Hajnoczi
2025-09-09 20:51 ` Brian Song
2025-09-10 13:17 ` Stefan Hajnoczi [this message]
2025-09-15 5:43 ` Brian Song
2025-09-17 13:01 ` Hanna Czenczek
2025-09-17 22:06 ` Brian Song
2025-09-22 17:41 ` Stefan Hajnoczi
2025-09-22 17:51 ` Stefan Hajnoczi
2025-08-30 2:50 ` [PATCH 4/4] iotests: add tests for FUSE-over-io_uring Brian Song
2025-09-09 19:38 ` Stefan Hajnoczi
2025-09-09 20:51 ` Brian Song
2025-09-10 13:14 ` Stefan Hajnoczi
2025-09-12 2:22 ` Brian Song
2025-09-15 17:41 ` Stefan Hajnoczi
2025-08-30 12:00 ` [PATCH 0/4] export/fuse: Add FUSE-over-io_uring for Storage Exports Brian Song
2025-09-03 9:49 ` Stefan Hajnoczi
2025-09-03 18:11 ` Brian Song
2025-09-16 12:18 ` Kevin Wolf
2025-09-04 19:32 ` Stefan Hajnoczi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250910131704.GB246746@fedora \
--to=stefanha@redhat.com \
--cc=armbru@redhat.com \
--cc=bernd@bsbernd.com \
--cc=fam@euphon.net \
--cc=hibriansong@gmail.com \
--cc=hreitz@redhat.com \
--cc=kwolf@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).